
Principal Infrastructure Security Engineer

Crusoe · San Francisco, CA
Full-time · On-site · 1w ago
AWS, Azure, CI/CD, Encryption, GCP, Generative AI


Benefits

Vision insurance, Paid time off

Additional Information

Crusoe is on a mission to accelerate the abundance of energy and intelligence. As the only vertically integrated AI infrastructure company built from the ground up, we own and operate each layer of the stack - from electrons to tokens - to power the world's most ambitious AI workloads. When you join Crusoe, you join a team that is building the future, faster.

We're in the midst of the greatest industrial revolution of our time. The demand for AI compute is boundless, and power is a bottleneck. We're solving that - with an energy-first approach that makes AI infrastructure better for the world and faster for the people innovating with AI.

We're looking for problem-solving, opportunity-finding teammates with a sense of urgency, who believe in the scale of our ambition and thrive on a path not fully paved - people who want to grow their careers alongside a team of experts across energy, manufacturing, data center construction, and cloud services. If you want to do the most meaningful work of your career, help our customers and partners advance their AI strategies, and be part of a high-performing team that believes in each other, come build with us at Crusoe.

About This Role:

As the Principal Infrastructure Security Engineer, you will serve as the visionary lead for securing Crusoe's next-generation AI cloud infrastructure. This is a role for an industry-recognized security expert who has operated at hyperscale and understands how to systematically dismantle infrastructure risk. You are stepping in at a critical evolutionary phase: leading the architectural shift to a true zero-trust, identity-first fabric. In this position, you will bridge the gap between hardware roots-of-trust and the cloud control plane. You will tackle complex challenges across the entire stack, from hardware-level supply chain vulnerabilities and BMC hardening to securing public build environments and implementing cryptographically attested workload identities.
You aren't just securing a cloud; you are defining the security standard for the age of generative AI infrastructure while directly driving our enterprise security roadmap.

What You'll Be Working On:

Platform Security Services: Lead the architectural transition to a zero-trust network by driving the adoption of Workload Identity (SPIRE/SPIFFE) and enforcing mutual TLS (mTLS) with encryption, authorization policy enforcement across all service-to-service communications.

Eradicating Static Credentials: Architect and deploy Just-in-Time (JIT) access models, ephemeral credentials (PAM), and granular machine identities to systematically eliminate static credentials and API keys across the infrastructure.

Full-Stack Supply Chain Security: Architect and enforce security controls across the entire supply chain spectrum: from firmware and bare-metal (hardening BMC administration and establishing verifiable roots-of-trust) up through the hypervisor, VM layer, cloud control plane, and CI/CD build environments (GitLab).

Enterprise Data Security & Secrets Management: Drive the technical delivery of highly requested enterprise trust features, including Customer-Managed Encryption Keys (CMEK) and an internal Secrets-as-a-Service platform (Vault-aaS).

Runtime Integrity & Advanced Threat Defense: Lead the deployment of host-level controls using eBPF and Falco-class tooling for kernel lockdown, audit expansion, and immutable logging to detect and prevent threats in real-time.

Network & Hardware Isolation: Guide the security architecture for SDN 2.0 (OVN sharding per tenant), secure VPC peering, and private connectivity (IPsec VPN, VPC Interface Endpoints) to ensure rigorous tenant isolation without an AI workload performance tax.

Executive Advisory & Prioritization: Act as a trusted advisor to leadership, synthesizing ambiguous systemic signals - from endpoint and SaaS risks to deep infrastructure vulnerabilities - into clear engineering action plans and RFCs.
What You'll Bring to the Team:

Hyperscale Provenance: 12+ years of experience in infrastructure security, security architecture, or production engineering, with significant tenure at a major cloud provider (e.g., AWS, GCP, Azure) or specialized high-performance computing environment.

Identity & Zero Trust Mastery: Deep, hands-on architectural expertise with modern identity frameworks (SPIFFE/SPIRE, OIDC, OAuth 2.0) and a proven track record of successfully rolling out mTLS and ephemeral credentialing at scale.

Supply Chain & Pipeline Security: Strong experience securing public/private build environments, enforcing CI/CD pipeline integrity, and mitigating risks across software, firmware, and hardware supply chains.

Deep Systems & Kernel Authority: Authoritative knowledge of OS-level security, Linux kernel internals, hypervisor isolation boundaries, and runtime integrity tooling (eBPF, Falco).

Hardware-to-Software Security: Proven experience securing bare-metal infrastructure, including Baseboard Management Controller (BMC) hardeni

